Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2018-1999002

Опубликовано: 18 июл. 2018
Источник: redhat
CVSS3: 7.5

Описание

A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master has access to.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat OpenShift Enterprise 3jenkinsNot affected

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Important
Дефект:
CWE-20
https://bugzilla.redhat.com/show_bug.cgi?id=1609613jenkins: Flaw in the Stapler web framework allows remote unauthenticated users to read arbitrary files

7.5 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2018-1999002

CVSS3: 7.5
nvd
больше 7 лет назад

A arbitrary file read vulnerability exists in Jenkins 2.132 and earlier, 2.121.1 and earlier in the Stapler web framework's org/kohsuke/stapler/Stapler.java that allows attackers to send crafted HTTP requests returning the contents of any file on the Jenkins master file system that the Jenkins master has access to.

debian логотип

CVE-2018-1999002

CVSS3: 7.5
debian
больше 7 лет назад

A arbitrary file read vulnerability exists in Jenkins 2.132 and earlie ...

github логотип

GHSA-qf38-f2fr-q4x9

CVSS3: 7.5
github
больше 3 лет назад

Improper Input Validation in Jenkins

7.5 High

CVSS3